Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 20 Jun 2019 18:45:48 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 238725] Severe NFS exports(5) -maproot regression for :group definition
Message-ID:  <bug-238725-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D238725

            Bug ID: 238725
           Summary: Severe NFS exports(5) -maproot regression for :group
                    definition
           Product: Base System
           Version: 12.0-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: bugzilla.freebsd@omnilan.de

Hello,

I've been using semi-sophisticated exports(5), last adjusted with FreeBSD-9=
 and
reused sucessfully on FreeBSD-10+11.
Recently I upgraded one machine From FreeBSD-11 to FreeBSD-12-stable and now
the ":group" definition of -maproot=3D in exports(5) has no effect anymore.

Here are the relevant infos for reproduction (NFSv4):
/zfs/netshares/deployment  -ro -maproot=3D65534:65533 -network 192.0.2.0/24
getent passwd 65534
nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin
getent group 65534
nobody:*:65534
This is verified to be identical on the 11 and 12 servers!


On the NFS server, cd into /zfs/netshares/deploymemt and:
mkdir test && touch test/testfile
setfacl -b test && chown root:nogroup test && chmod 750 test=20=20=20=20=20=
=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20

On the client, issue as root: ls
/$nfsservermounpoint/zfs/netshares/deployment/test
Clients mounting from FreeBSD-12 tell "ls: .../deployment/test: Permission
denied"
Clients mounting from FreeBSD-11 list the "testfile".

The -maproot=3Duser part works, but not the :group anymore.
This is also falsified using nfsv3 (with ESXi client).

Hope somebody has an idea which change could be the culprit.  Needless to s=
ay
that this was really unexpected and badly breaks a lot of things.

Thanks,
-harry

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-238725-227>